# README
eBPF Manager
This repository implements a manager on top of Cilium's eBPF library. This declarative manager simplifies attaching and detaching eBPF programs by controlling their entire life cycle. It was built with the intention of unifying how eBPF is used in large scale projects such as the Datadog Agent. By using the same declarative conventions, multiple teams can quickly collaborate on complex eBPF programs by sharing maps, programs or even hook points without having to worry about the setup of complex program types.
Requirements
- A version of Go that is supported by upstream
- Linux 4.4+ (some eBPF features are only available on newer kernel versions, see eBPF features by Linux version)
Getting started
You can find many examples using the manager in examples/. For a real world use case, check out the Datadog Agent.
Useful resources
- Cilium eBPF library
- Cilium eBPF documentation
- Linux documentation on BPF
- eBPF features by Linux version
License
- Unless explicitly specified otherwise, the golang code in this repository is under the MIT License.
- The eBPF programs are under the GPL v2 License.
# Functions
No description provided by the author
Getpid returns the current process ID in the host namespace if $HOST_PROC is defined, the pid in the current namespace otherwise.
GetSyscallFnName - Returns the kernel function of the provided syscall, after reading /proc/kallsyms to retrieve the list of symbols of the current kernel.
GetSyscallFnNameWithSymFile - Returns the kernel function of the provided syscall, after reading symFile to retrieve the list of symbols of the current kernel.
GetTracepointID - Returns a tracepoint ID from its category and name.
NewNetlinkSocket - Returns a new NetlinkSocket instance.
OpenAndListSymbols - Opens an elf file and extracts all its symbols.
SanitizeUprobeAddresses - sanitizes the addresses of the provided symbols.
# Constants
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
DefaultTCFilterPriority is the default TC filter priority if none were given.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
XdpAttachModeDrv is native, driver mode (support from driver side required).
XdpAttachModeHw suitable for NICs with hardware XDP support.
XdpAttachModeNone stands for "best effort" - the kernel automatically selects the best mode (would try Drv first, then fallback to Generic).
XdpAttachModeSkb is "generic", kernel mode, less performant comparing to native, but does not requires driver support.
# Variables
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
# Structs
AllOf - This selector is used to ensure that all the proves in the provided list are running.
BestEffort - This selector is used to load probes in the best effort mode.
ConstantEditor - A constant editor tries to rewrite the value of a constant in a compiled eBPF program.
InnerOuterMapSpec - An InnerOuterMapSpec defines the map that should be used as the inner map of the provided outer map.
Manager - Helper structure that manages multiple eBPF programs and maps.
No description provided by the author
MapOptions - Generic Map options that are not shared with the MapSpec definition.
MapRoute - A map route defines how multiple maps should be routed between eBPF programs.
MapSpecEditor - A MapSpec editor defines how specific parameters of specific maps should be updated at runtime
For example, this can be used if you need to change the max_entries of a map before it is loaded in the kernel, but you don't know what this value should be initially.
NetlinkSocket - (TC classifier programs and XDP) Netlink socket cache entry holding the netlink socket and the TC filter count.
OneOf - This selector is used to ensure that at least of a list of probe selectors is valid.
Options - Options of a Manager.
PerfMap - Perf ring buffer reader wrapper.
PerfMapOptions - Perf map specific options.
Probe - Main eBPF probe wrapper.
No description provided by the author
ProbeSelector - This selector is used to unconditionally select a probe by its identification pair and validate that it is activated.
No description provided by the author
No description provided by the author
TailCallRoute - A tail call route defines how tail calls should be routed between eBPF programs.
# Interfaces
FunctionExcluder - An interface for types that can be used for `AdditionalExcludedFunctionCollector`.
ProbesSelector - A probe selector defines how a probe (or a group of probes) should be activated.
# Type aliases
No description provided by the author
InstructionPatcherFunc - A function that patches the instructions of a program.
No description provided by the author
MapCleanupType - The map clean up type defines how the maps of a manager should be cleaned up on exit.
MapSpecEditorFlag - Flag used to specify what a MapSpecEditor should edit.
No description provided by the author
XdpAttachMode selects a way how XDP program will be attached to interface.